Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
Frigate
- 0.13.2 and below
Source
security-advisories@github.com
Tags
CVE-2024-32874 details
Published : May 14, 2024, 3:37 p.m.
Last Modified : May 14, 2024, 4:12 p.m.
Last Modified : May 14, 2024, 4:12 p.m.
Description
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no limitation set on the length of the filename and the costy use of the Unicode normalization with the form NFKD under the hood of `secure_filename()`.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6.8 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
6.8
Exploitability Score
Impact Score
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
References
| URL | Source |
|---|---|
| https://github.com/blakeblackshear/frigate/commit/cc851555e4029647986dccc8b8ecf54afee31442 | security-advisories@github.com |
| https://github.com/blakeblackshear/frigate/security/advisories/GHSA-w4h6-9wrp-v5jq | security-advisories@github.com |
This website uses the NVD API, but is not approved or certified by it.